Hi, I've searched the community and seen that people have had roaming issues where each AP is on a different VLAN. I completely get this and why it causes problems, as moving between APs gets a new IP from DHCP and, in my case, getting the new IP forces the user to reauthenticate. I've seen people suggest putting all wireless users in the same VLAN, but this is not possible in my current situation.

I am currently using Sophos XG. Is there a solution that would allow users to roam between subnets without reauthenticating? The Sophos devices that I am using are handling both WiFi and user accounts for auth. I didn't know if there was a recommended solution that maintains the user's session based on MAC address rather than the IP, as our current setup allows users 3 devices/MAC addresses to be used anywhere in the facility.

Thanks in advance for any suggestions.

Did you try creating a WiFi network with the client traffic option "Separate Zone"? Data traffic will be encapsulated (probably via CAPWAP, not sure), acting like a tunnel between your AP and the XG. All clients will be connected to the same virtual subnet hosted on the firewall, meaning they are free to roam between layer 3 borders.

  • Thanks for this, I'll take a look when I get into work tomorrow. I've just started a new job with an existing network. Probably around 50 APs, each with their own VLAN. Within a day I noticed I had to keep logging in every couple of hours (I'm sat on the border of 2 APs), when it's supposed to be daily, and when I walked around the site I noticed I had to keep logging in, so when I took a look at the network devices I saw the setup. I had the same problem in my house but changed the VLANs to fix it, whereas here I need to find a different solution.
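One way to confirm from the firewall's authentication logs that the early re-logins line up with a client changing subnet (the symptom described above), added here as an example and not code from Sophos or from either poster. The log line format, field names, timestamps, users, IPs and MACs are all constructed for the example; adapt the regex to the real export.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines (not the real Sophos XG log format): timestamp, event, user, client IP, MAC.
SAMPLE_LOG = """\
2024-03-04 08:02:11 AUTH_SUCCESS user=alice ip=10.10.1.23 mac=aa:bb:cc:00:00:01
2024-03-04 09:47:30 AUTH_SUCCESS user=alice ip=10.10.7.88 mac=aa:bb:cc:00:00:01
2024-03-04 11:15:02 AUTH_SUCCESS user=alice ip=10.10.1.41 mac=aa:bb:cc:00:00:01
2024-03-04 08:10:45 AUTH_SUCCESS user=bob ip=10.10.3.12 mac=aa:bb:cc:00:00:02
2024-03-05 08:09:10 AUTH_SUCCESS user=bob ip=10.10.3.12 mac=aa:bb:cc:00:00:02
"""

LINE_RE = re.compile(r"^(\S+ \S+) AUTH_SUCCESS user=(\S+) ip=(\S+) mac=(\S+)$")


def parse_auth_events(text):
    """Return (timestamp, user, ip, mac) tuples for every successful login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not successful logins
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), ip_address(m.group(3)), m.group(4).lower()))
    return events


def roaming_reauths(events, expected_hours=24, subnet_prefix=24):
    """Per (user, mac): (re-logins sooner than expected AND from a different
    subnet than the previous login, number of distinct subnets seen).
    A high first value with a second value > 1 is the cross-VLAN roaming pattern."""
    by_key = defaultdict(list)
    for ts, user, ip, mac in events:
        by_key[(user, mac)].append((ts, ip))
    report = {}
    for key, evs in by_key.items():
        evs.sort()  # chronological order per device
        nets = [ip_network(f"{ip}/{subnet_prefix}", strict=False) for _, ip in evs]
        early_subnet_changes = 0
        for i in range(1, len(evs)):
            early = (evs[i][0] - evs[i - 1][0]).total_seconds() < expected_hours * 3600
            if early and nets[i] != nets[i - 1]:
                early_subnet_changes += 1
        report[key] = (early_subnet_changes, len(set(nets)))
    return report


if __name__ == "__main__":
    for (user, mac), (changes, subnets) in roaming_reauths(parse_auth_events(SAMPLE_LOG)).items():
        print(f"{user} {mac}: {changes} early cross-subnet re-logins, {subnets} subnet(s) seen")
```

Devices keyed by MAC rather than IP, as the original post suggests, is what lets the same client be followed across subnets here.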

